• The Four Hundred
    Security of SecurID In Question Following Hack of RSA

    March 30, 2011 Alex Woodie

    Following the disclosure by RSA Security over the weekend that its computers had been hacked and information relating to its two-factor authentication software, called SecurID, had been compromised, customers that rely on RSA’s software are wondering what steps they should take next.

    In an open letter to RSA customers, RSA’s executive chairman Art Coviello Jr. explained that RSA recently discovered that it was the victim of an “extremely sophisticated cyber attack,” dubbed an Advanced Persistent Threat (APT) attack. The company’s security pros caught the attack as it was in progress, and immediately took steps to harden the RSA systems so it couldn’t happen again, he says.

    During a subsequent investigation, RSA discovered that the attack “resulted in certain information being extracted from RSA’s systems,” including information about SecurID, one of the EMC subsidiary’s most popular products.

    “While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” Coviello says.

    While Coviello says there is no evidence that any SecurID customers have been compromised as a result of the attack, it is clear from RSA’s statement that it believes the hack and subsequent transfer of sensitive data to cyber criminals could conceivably play some type of supporting role in a compromise of a customer’s system.

    When installed, SecurID uses two things–a cryptographic key that lives on some type of token, and a password that lives in somebody’s head–to grant or deny a requesting user access to a system. Even if RSA’s complete database was hacked, and cyber criminals are distributing copies of customers’ crypto keys as we speak–the worst-case scenario–that doesn’t automatically mean that SecurID customers will soon become the subject of a “successful direct attack,” as EMC puts it.

    RSA isn’t sharing a lot of specific information about the attack and what it means for SecurID customers. In a post to its SecurCare online support system, the company states: “We strongly urge immediate customer attention to this advisory, and we are providing immediate remediation steps for customers to take to strengthen their RSA SecurID implementations.”

    Several IBM i security software companies are partners with RSA, and make products that allow IBM i servers to utilize RSA’s crypto keys, including Safestone, Townsend Security, and others.

    This article has been corrected. Powertech’s IBM i security software does not integrate with RSA’s SecurID product. It previously sold a product that integrated with a different RSA encryption product. IT Jungle regrets the error.



Volume 11, Number 11 -- March 22, 2011
Copyright © 2022 IT Jungle
